Recent Releases

2.19.013 Jun 2018 16:45major bugfix:
Improvements
Warn user about possible slowdown when using cryptography version 1.3.4.
Check for invalid host in proxy URL, before forwarding request to adapter.
Fragments are now properly maintained across redirects. (RFC7231 7.1.2).
Removed use of cgi module to expedite library load time.
Added support for SHA-256 and SHA-512 digest auth algorithms.
Minor performance improvement to `Request.content`.
Migrate to using collections.abc for 3.7 compatibility.
Parsing empty `Link` headers with `parse_header_links()` no longer return one bogus entry.
where loading the default certificate bundle from a zip archive
would raise an `IOError`.
with unexpected `ImportError` on windows system which do not support `winreg` module.
DNS resolution in proxy bypass no longer includes the username and password in
the request. This also the of DNS queries failing on macOS.
Properly normalize adapter prefor url comparison.
Passing `None` as a file pointer to the `files` param no longer raises an exception.
Calling `copy` on a `RequestsCookieJar` will now preserve the cookie policy correctly.
Dependencies.
We now support idna v2.7.
We now support urllib3 v1.23.

2.18.416 Aug 2017 03:15minor documentation:
Improvements
Error messages for invalid headers now include the header name for easier deging.
Dependencies.
We now support idna v2.6.

2.14.214 May 2017 03:15minor bugfix:
Changed a less-than to an equal-to and an or in the dependency markers to.
Widen compatibility with older setuptools releases.

2.13.025 Jan 2017 03:25major documentation:
Features
Only load the `idna` library when we've determined we need it. This will
save some memory for users.
Miscellaneous.
Updated bundled urllib3 to 1.20.
Updated bundled idna to 2.2.

2.12.415 Dec 2016 03:15minor bugfix:
Regression from 2.12.2 where non-string types were rejected in the.
Basic auth parameters. While support for this behaviour has been readded,
The behaviour is deprecated and will be removed in the future.

2.12.305 Dec 2016 03:15minor bugfix:
Regression from v2.12.1 for URLs with schemes that begin with "http".
These URLs have historically been processed as though they were HTTP-schemed
URLs, and so have had parameters added. This was removed in v2.12.2 in an.
Overzealous attempt to resolve problems with IDNA-encoding those URLs. This
Change was reverted: the other for IDNA-encoding have been judged to
be sufficient to return to the behaviour Requests had before v2.12.0.

2.12.201 Dec 2016 03:15minor bugfix:
Several with IDNA-encoding URLs that are technically invalid but.
Which are widely accepted. Requests will now attempt to IDNA-encode a URL if
it can but, if it fails, and the host contains only ASCII characters, it will
be passed through optimistically. This will allow users to opt-in to using
IDNA2003 themselves if they want to, and will also allow technically invalid.
But still common hostnames.
an where URLs with leading whitespace would raise.
`InvalidSchema` errors.
an where some URLs without the HTTP or HTTPS schemes would still.
Have HTTP URL preparation applied to them.
an where Unicode strings could not be used in basic auth.
an encountered by some Requests plugins where constructing a
Response object would cause `Response.content` to raise an.
`AttributeError`.

2.12.016 Nov 2016 03:15major bugfix:
Improvements
Updated support for internationalized domain names from IDNA2003 to IDNA2008.
This updated support is required for several forms of IDNs and is mandatory.
For.de domains.
Much improved heuristics for guessing content lengths: Requests will no.
Longer read an entire `StringIO` into memory.
Much improved logic for recalculating `Content-Length` headers for.
`PreparedRequest` objects.
Improved tolerance for file-like objects that have no `tell` method but
do have a `seek` method.
Anything that is a subclass of `Mapping` is now treated like a dictionary
by the `data=` keyword argument.
Requests now tolerates empty passwords in proxy credentials, rather than.
Stripping the credentials.
If a request is made with a file-like object as the body and that request is.
Redirected with a 307 or 308 status code, Requests will now attempt to
Rewind the body object so it can be replayed.
When calling `response.`, the call to `` will be propagated.
Through to non-urllib3 backends.
Where the `ALL_PROXY` environment variable would be preferred.
Over scheme-specific variables like `HTTP_PROXY`.
Where non-UTF8 reason phrases got severely mangled by falling.
Back to decoding using ISO 8859-1 instead.
a where Requests would not correctly correlate cookies set when.
Using custom Host headers if those Host headers did not use the native
String type for the platform.
Miscellaneous.
Updated bundled urllib3 to 1.19.
Updated bundled certifi certs to 2016.09.26.

2.11.118 Aug 2016 03:25minor bugfix:
a when using `iter_content` with `decode_unicode=True` for.
Streamed bodies would raise `AttributeError`. This was introduced in
2.11.
Strip Content-Type and Transfer-Encoding headers from the header block when.
Following a redirect that transforms the verb from POST/PUT to GET.

2.11.009 Aug 2016 03:15major bugfix:
Improvements
Added support for the `ALL_PROXY` environment variable.
Reject header values that contain leading whitespace or newline characters to
reduce risk of header smuggling.
occasional `TypeError` when attempting to decode a JSON response that
occurred in an error case. Now correctly returns a `ValueError`.
Requests would incorrectly ignore a non-CIDR IP address in the `NO_PROXY`
environment variables: Requests now treats it as a specific IP.
a when sending JSON data that could cause us to encounter obscure
OpenSSL errors in certain network conditions (yes, really).
Added type checks to ensure that `iter_content` only accepts integers and.
`None` for chunk sizes.
where responses whose body had not been fully consumed would have
the underlying connection but not returned to the connection pool,
which could cause Requests to hang in situations where the `HTTPAdapter`
had been configured to use a blocking connection pool.
Miscellaneous.
Updated bundled urllib3 to 1.16.
Some previous releases accidentally accepted integers as acceptable header values. This release does not.

2.9.016 Dec 2015 03:15major bugfix:
Minor Improvements (Backwards compatible)
The `verify` keyword argument now supports being passed a path to a.
Directory of CA certificates, not just a single-file bundle.
Warnings are now emitted when sending files opened in text mode.
Added the 511 Network Authentication Required status code to the status code.
Registry.
For file-like objects that are not seeked to the very beginning, we now.
Send the content length for the number of bytes we will actually read, rather
Than the total size of the file, allowing partial file uploads.
When uploading file-like objects, if they are empty or have no obvious.
Content length we set `Transfer-Encoding: chunked` rather than
`Content-Length: 0`.
We correctly receive the response in buffered mode when uploading chunked.
Bodies.
We now handle being passed a query string as a bytestring on Python 3, by.
Decoding it as UTF-8.
Sessions are now in all cases (exceptional and not) when using the.
Functional API rather than leaking and waiting for the garbage collector to
Clean them up.
Correctly handle digest auth headers with a malformed `qop` directive that.
Contains no token, by treating it the same as if no `qop` directive was
Provided at all.
Minor performance improvements when removing specific cookies by name.

2.8.114 Oct 2015 09:45minor bugfix:
Update certificate bundle to match `certifi` 2015.9.6.2's weak certificate
bundle.
a in 2.8.0 where requests would raise `ConnectTimeout` instead of.
`ConnectionError`.
When using the PreparedRequest flow, requests will now correctly respect the.
`json` parameter. Broken in 2.8.0.
When using the PreparedRequest flow, requests will now correctly handle a
Unicode-string method name on Python 2. Broken in 2.8.0.

2.8.006 Oct 2015 03:15major bugfix:
Minor Improvements (Backwards Compatible)
Requests now supports per-host proxies. This allows the `proxies`.
Dictionary to have entries of the form
` '://': '' `. Host-specific proxies will be used
in preference to the previously-supported scheme-specific ones, but the.
Previous syntax will continue to work.
`Response.raise_for_status` now prints the URL that failed as part of the.
Exception message.
`requests.utils.get_netrc_auth` now takes an `raise_errors` kwarg.
Defaulting to `False`. When `True`, errors parsing `.netrc` files cause
Exceptions to be thrown.
Change to bundled projects import logic to make it easier to unbundle.
Requests downstream.
Changed the default User-Agent string to avoid leaking data on Linux: now.
Contains only the requests version.
The `json` parameter to `post()` and friends will now only be used if.
Neither `data` nor `files` are present, consistent with the
Documentation.
We now ignore empty fields in the `NO_PROXY` enviroment variable.
Problem where `httplib.BadStatusLine` would get raised if combining.
`stream=True` with `contextlib.closing`.
Prevented where we would attempt to return the same connection back to.
The connection pool twice when sending a Chunked body.
Miscellaneous minor internal changes.
Digest Auth support is now thread safe.
Updates.
Updated urllib3 to 1.12.

2.7.004 May 2015 11:05documentation bugfix:
This is the first release that follows our new release process. For more, see
`our documentation.
`_.
**Bugfixes**.
Updated urllib3 to 1.10.4, resolving several bugs involving chunked transfer
encoding and response framing.

2.6.123 Apr 2015 09:05bugfix:
**Bugfixes**.
Remove VendorAlias import machinery introduced in v2.5.2.
Simplify the PreparedRequest.prepare API: We no longer require the user to
pass an empty list to the hooks keyword argument.
Resolve redirects now receives and forwards all of the original arguments to
the adapter.
Handle UnicodeDecodeErrors when trying to deal with a unicode URL that
cannot be encoded in ASCII.
Populate the parsed path of the URI field when performing Digest
Authentication.
Copy a PreparedRequest's CookieJar more reliably when it is not an instance
of RequestsCookieJar.

2.6.015 Mar 2015 03:15bugfix feature:
Bugfixes**
Fix handling of cookies on redirect. Previously a cookie without a host
value set would use the hostname for the redirected URL exposing requests
users to session fixation attacks and potentially cookie stealing. This was
disclosed privately by Matthew Daley of `BugFuzz `_.
An CVE identifier has not yet been assigned for this. This affects all
versions of requests from v2.1.0 to v2.5.3 .
Fix error when requests is an ``install_requires`` dependency and ``python
setup.py test`` is run.
Fix error when urllib3 is unbundled and requests continues to use the
vendored import location.
Include fixes to ``urllib3``'s header handling.
Requests' handling of unvendored dependencies is now more restrictive.
Features and Improvements**
Support bytearrays when passed as parameters in the ``files`` argument.
Avoid data duplication when creating a request with ``str``, ``bytes``, or
bytearray`` input to the ``files`` argument.

2.5.224 Feb 2015 16:25security bugfix:
Features and Improvements:
Add sha256 fingerprint support.
Improve the performance of headers.
Bugfixes:
Copy pip's import machinery. When downstream redistributors remove
requests.packages.urllib3 the import machinery will continue to let those
same symbols work. Example usage in requests' documentation and 3rd-party
libraries relying on the vendored copies of urllib3 will work without having
to fallback to the system urllib3.
Attempt to quote parts of the URL on redirect if unquoting and then quoting
fails.
Fix filename type check for multipart form-data uploads.
Properly handle the case where a server issuing digest authentication
challenges provides both auth and auth-int qop-values.
Fix a socket leak.
Fix multiple ``Set-Cookie`` headers properly.
Disable the built-in hostname verification.
Fix the behaviour of decoding an exhausted stream.
Security:
Pulled in an updated ``cacert.pem``.
Drop RC4 from the default cipher list.

2.5.002 Dec 2014 18:45bugfix documentation:
Improvements**
Allow usage of urllib3's Retry object with HTTPAdapters
The ``iter_lines`` method on a response now accepts a delimiter with which
to split the content
Behavioural Changes**
Add deprecation warnings to functions in requests.utils that will be removed
in 3.0
Sessions used by the functional API are always closed
Restrict requests to HTTP/1.1 and HTTP/1.0
Bugfixes**
Only parse the URL once
Allow Content-Length header to always be overriden
Properly handle files in HTTPDigestAuth
Cap redirect_cache size to prevent memory abuse
Fix HTTPDigestAuth handling of redirects after authenticating successfully
Fix crash with custom method parameter to Session.request
Fix how Link headers are parsed using the regular expression library
Documentation**
Add more references for interlinking
Update CSS for theme
Update width of buttons and sidebar
Replace references of Gittip with Gratipay
Add link to changelog in sidebar

2.4.110 Sep 2014 03:15security security bugfix:
Now has a "security" package extras set, `` pip install requests``
Requests will now use Certifi if it is available.
Capture and re-raise urllib3 ProtocolError
Bugfix for responses that attempt to redirect to themselves forever .

2.4.030 Aug 2014 03:15minor feature:
Behavioral Changes**
Connection: keep-alive`` header is now sent automatically.
Improvements**
Support for connect timeouts! Timeout now accepts a tuple which is used to set individual connect and read timeouts.
Allow copying of PreparedRequests without headers/cookies.
Updated bundled urllib3 version.
Refactored settings loading from environment new `Session.merge_environment_settings`.
Handle socket errors in iter_content.